Contents

Overview

This page shows how to use NST and nmap to detect the heartbleed vulnerability. Heartbleed is a software bug in the open-source cryptography library OpenSSL, which allows an attacker to read the memory of the host computer, allowing them to retrieve potentially privacy-sensitive data.

Heartbleed Detection - NST Pro System

NST Pro users need to first update their NST system to get the latest version of nmap (i.e., v6.45 or greater) from the NST Pro repository. This release contains the nmap NSE (Nmap Scripting Engine) script: "/usr/share/nmap/scripts/ssl-heartbleed.nse" written by Patrik Karlsson which is based on code authored by Jared Stafford.

NST WUI

This section shows the NST WUI Nmap page with scan options and results using the Nmap NSE script: "/usr/share/nmap/scripts/ssl-heartbleed.nse":

This host: "10.222.222.116" is vulnerable to heartbleed. The image below shows the Nmap scan results formatted with the Nmap XSL style sheet:

Heartbleed Detection - NST Public System

NST Public users will first need to manually update their NST 20 system from the nmap site: "https://svn.nmap.org" to allow for nmap heartbleed detection. The following command sequence shows the necessary steps to allow the nmap version shipped with NST 20 to run the heartbleed nmap NSE script: "/usr/share/nmap/scripts/ssl-heartbleed.nse". Backups are created for all nmap files updated just in case there are any errors.

Remediation Steps For An NST System

If one has access and admin privileges to the remote server that exhibits the heartbleed vulnerability, then one needs to update the OpenSSL libraries on that system.

For an NST system, one needs to Yum update the openssl RPM packages. The Fedora openssl RPM version: "1.0.1e-37.fc20.1" or greater contains a patch for "CVE-2014-0160". Follow the update with a system reboot or restart of Web services.